Cookie based router-side authentication

July 30, 2017

It is possible to build authenticators that are cookie-based. In order to that, one needs to implement an interface named ICookieAuthenticatorFactory and pass it to DefaultWampAuthenticationHost’s constructor, (or to FleckAuthenticatedWebSocketTransport/VtortolaAuthenticatedWebSocketTransport constructors).

The interface consists of a single method named “CreateAuthenticator”, which receives as a parameter an ICookieProvider, that is an interface that allows to access client cookies for read-only.

The authenticator created by the “CreateAuthenticator” method will be passed to the IWampSessionAuthenticatorFactory passed to the (Default)WampAuthenticationHost as the transportAuthenticator parameter. This allows to combine between authentication methods.

Note: it is not possible to set cookies from WampSharp. At this moment Fleck doesn’t support cookie set on Handshake, so this won’t be possible until someone implements this feature.

Example

This example demonstrates cookie-based authenticator usage. Cookies are set using an embedded uhttpSharp server.